[gentoo-announce] [ GLSA 202209-10 ] Logcheck: Root privilege escalation - gentoo-announce

From:	glsamaker@g.o
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 202209-10 ] Logcheck: Root privilege escalation
Date:	Sun, 25 Sep 2022 13:50:46
Message-Id:	`166411290230.9.8040128598883786569@90bb6a0775af`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 202209-10

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: Logcheck: Root privilege escalation

9

     Date: September 25, 2022

10

     Bugs: #630752

11

       ID: 202209-10

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

A vulnerability has been discovered in Logcheck's ebuilds which could

19

allow for root privilege escalation.

20

21

Background

22

==========

23

24

Logcheck mails anomalies in the system logfiles to the administrator.

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package              /     Vulnerable     /            Unaffected

31

    -------------------------------------------------------------------

32

  1  app-admin/logcheck         <= 1.3.23                 Vulnerable!

33

34

Description

35

===========

36

37

The pkg_postinst phase of the Logcheck ebuilds recursively chown the

38

/etc/logcheck and /var/lib/logcheck directories. If the logcheck adds

39

hardlinks to other files in these directories, the chown call will

40

follow the link and transfer ownership of any file to the logcheck user.

41

42

Impact

43

======

44

45

A local attacker with access to the logcheck user could escalate to root

46

privileges.

47

48

Workaround

49

==========

50

51

There is no known workaround at this time.

52

53

Resolution

54

==========

55

56

Gentoo has discontinued support for Logcheck. We recommend that users

57

remove it:

58

59

  # emerge --ask --depclean "app-admin/logcheck"

60

61

References

62

==========

63

64

[ 1 ] CVE-2017-20148

65

      https://nvd.nist.gov/vuln/detail/CVE-2017-20148

66

67

Availability

68

============

69

70

This GLSA and any updates to it are available for viewing at

71

the Gentoo Security Website:

72

73

 https://security.gentoo.org/glsa/202209-10

74

75

Concerns?

76

=========

77

78

Security is a primary focus of Gentoo Linux and ensuring the

79

confidentiality and security of our users' machines is of utmost

80

importance to us. Any security concerns should be addressed to

81

security@g.o or alternatively, you may file a bug at

82

https://bugs.gentoo.org.

83

84

License

85

=======

86

87

Copyright 2022 Gentoo Foundation, Inc; referenced text

88

belongs to its owner(s).

89

90

The contents of this document are licensed under the

91

Creative Commons - Attribution / Share Alike license.

92

93

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 202209-10
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Logcheck: Root privilege escalation
9	Date: September 25, 2022
10	Bugs: #630752
11	ID: 202209-10
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	A vulnerability has been discovered in Logcheck's ebuilds which could
19	allow for root privilege escalation.
20
21	Background
22	==========
23
24	Logcheck mails anomalies in the system logfiles to the administrator.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 app-admin/logcheck <= 1.3.23 Vulnerable!
33
34	Description
35	===========
36
37	The pkg_postinst phase of the Logcheck ebuilds recursively chown the
38	/etc/logcheck and /var/lib/logcheck directories. If the logcheck adds
39	hardlinks to other files in these directories, the chown call will
40	follow the link and transfer ownership of any file to the logcheck user.
41
42	Impact
43	======
44
45	A local attacker with access to the logcheck user could escalate to root
46	privileges.
47
48	Workaround
49	==========
50
51	There is no known workaround at this time.
52
53	Resolution
54	==========
55
56	Gentoo has discontinued support for Logcheck. We recommend that users
57	remove it:
58
59	# emerge --ask --depclean "app-admin/logcheck"
60
61	References
62	==========
63
64	[ 1 ] CVE-2017-20148
65	https://nvd.nist.gov/vuln/detail/CVE-2017-20148
66
67	Availability
68	============
69
70	This GLSA and any updates to it are available for viewing at
71	the Gentoo Security Website:
72
73	https://security.gentoo.org/glsa/202209-10
74
75	Concerns?
76	=========
77
78	Security is a primary focus of Gentoo Linux and ensuring the
79	confidentiality and security of our users' machines is of utmost
80	importance to us. Any security concerns should be addressed to
81	security@g.o or alternatively, you may file a bug at
82	https://bugs.gentoo.org.
83
84	License
85	=======
86
87	Copyright 2022 Gentoo Foundation, Inc; referenced text
88	belongs to its owner(s).
89
90	The contents of this document are licensed under the
91	Creative Commons - Attribution / Share Alike license.
92
93	https://creativecommons.org/licenses/by-sa/2.5